The future of OpenStack must involve improved security, for the simple reason that adopters of OpenStack require a clear path to creating a secure cloud to meet the needs of the enterprise… not just developers. But how do you secure OpenStack without ruining OpenStack? How do you do so at-scale? To answer these questions, we discuss a project that we call OpenStack Defense (OSDef). The basic idea of OSDef is to achieve enterprise-grade security the DevOps way; where automation, integration, and verification work together to provide a pipeline to deliver an ever-improving service. In this case, that service is dynamic security. We discuss how OSDef will leverage Cloud, DevOps, and Big Data technologies and practices in concert to automate and accelerate the incident response lifecycle by creating an event-handling pipeline for security-related information: collection, storage, search, aggregation, correlation, alerts/notifications, visualization, and response.
